
Author: Alec Muffett

Alec is a computer and network security specialist who has been working in that field pretty much constantly since obtaining a degree in Astronomy from UCL in 1988.

Alec Muffett
Photo credit Doc Searls

Work History

Immediately after graduation he spent three years working at Aberystwyth as a Systems Programmer for their transition from VMS and Honeywell GCOS-3, to Unix. There he developed the password-cracking suite Crack, and released it upon USENET to much notoriety.

Alec was hired by Sun Microsystems in 1992, soon joining Sun’s corporate Network Security Group where he helped define security standards, research firewalls, and developed WAN-scale network security auditing tools.

Moving to Sun’s European Network Operations Group in 1996, he implemented the company’s second-ever internet firewall complex, serving Sun’s European operations.

Early in 1998 Alec joined Netcentricity, an R&D hothouse working under the aegis of Sun’s then CTO, Eric Schmidt. He was promoted to Senior Staff Engineer and acted as team leader for The Bruce Project (SENSS) – an advanced (for its time, possibly still so) Java-based infrastructure for WAN-scale security audit, patch management, and system administration, with the intention of designing-in “bombproof” security and platform independence from the outset.

The “Bruce” project team both innovated and caused innovation in other aspects of Java, highlighting some limitations of RMI implementation whilst yielding early prototypes of dynamic pluggable peer-based authentication and session encryption, hidden from RMI by use of custom SocketProviders.

Netcentricity was rolled into SunLabs, where Bruce prototyping was completed and published, licensed under an early Sun open-source license. Alec subsequently joined the EMEA technical team of Sun Professional Services where he fostered development of a 100+ person pan-European security technical community, and worked as a Senior Consultant and Senior Security Architect.

In 2001, Alec was appointed Principal Engineer with further responsibilities for training and fostering technical talent. With corporate reorganisation in 2004, Alec moved to the Financial Services Advanced Technology Projects group, where he worked in design, architecture and implementation of large-scale cluster and grid computing environments for financial-services customers.

In April 2002, Alec introduced Sun to the concept of corporate blogging with the company’s first internally-facing, scandalous and very popular weblog.

Since 2006 Alec has worked in global roles at Sun, consulting on Security, Web2.0 and Social-Networking-related matters.

Presentations

Alec has presented and published in several proceedings and magazines – he has an Erdos Number of 2 via two routes, from publications as part of team efforts in number factorisation and cryptography.

Alec has also worked with BBC TV, presenting in two teaching programmes upon the topic of computer security; taking a hint from this experience, he has since produced occasional video-blogs about security; he also has been interviewed several times for the trade press.

Ad-Hoc Bibliography and Presentations

Papers in red denote peer review process.

  • MPQS with Three Large Primes (ANTS 2002: Sydney)
    Paul C. Leyland, Arjen K. Lenstra, Bruce Dodson, Alec Muffett, Sam Wagstaff
  • Factorization of a 512-Bit RSA Modulus (EUROCRYPT 2000)
    Stefania Cavallar, Bruce Dodson, Arjen K. Lenstra, Walter M. Lioen, Peter L. Montgomery, Brian Murphy, Herman te Riele, Karen Aardal, Jeff Gilchrist, Gerard Guillerm, Paul C. Leyland, Joel Marchand, Francois Morain, Alec Muffett, Chris Putnam, Craig Putnam, Paul Zimmermann
  • Bruce: A Java-based Security Auditing Framework (UKUUG 1999)
    [DOWNLOAD]
  • SENSS Bruce (USENIX “;login:” Magazine 1999)
    [LINK]
    [COLLATERAL1]
    [COLLATERAL2]
  • Programming Holes that will hose your System Security (Cambridge 1997)
    Public lecture presented at the University of Cambridge.
    [DOWNLOAD]
  • The BlackNet 384-bit PGP key has been BROKEN (1995)
    Alec Muffett, Paul Leyland, Arjen Lenstra, Jim Gillogly
    [LINK]
  • WAN-Hacking with AutoHack (USENIX SECURITY 1995)
    Alec Muffett
    First description of a hyper-scalable vulnerability auditing tool, designed to deal with networks of 30,000+ hosts.
    [PAPER]
    [PAPER MIRROR]
    [SLIDES]
    [SLIDES MIRROR]
  • How To Build Your Own Network Intrusion Kit (AAA 1995)
    Tongue-in-cheek security presentation to the Access All Areas conference.
    [DOWNLOAD]
    [README]
  • Proper Care and Feeding of Firewalls (JANET 1994)
    Early paper detailing firewalling concepts, design, and selection.
    [DOWNLOAD]
  • USENET Security FAQ (1993)
    Final draft of approximately two years of USENET FAQ postings. Very dated but still useful in parts.
    [DOWNLOAD]
  • Crack v4.1 – A Sensible Password Checker for Unix (1991)
    Manual / whitepaper for Crack v4.1, reference only, now superseded.
    [DOWNLOAD]

Software Publications